CVE-2006-4759
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
admin/admin_board.php en PunBB 1.2.12 no maneja adecuadamente los nombres de ruta de un avatar que finalizen en %00, lo cual permite a un usuario remoto administrador validado el envío de ficheros de su elección y ejecutar código, como lo demostrado lanzado una sentencia al admin_options.php con el parámetro avatars_dir acabado en %00. NOTA: Esta vulnerabilidad fue originalmente impugnada por el proveedor, pero la impugnación fue retraída el 20060926.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-09-13 CVE Reserved
- 2006-09-13 CVE Published
- 2023-08-25 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://forums.punbb.org/viewtopic.php?id=13255 | X_refsource_confirm | |
| http://www.attrition.org/pipermail/vim/2006-September/001041.html | Mailing List | |
| http://www.attrition.org/pipermail/vim/2006-September/001052.html | Mailing List | |
| http://www.attrition.org/pipermail/vim/2006-September/001055.html | Mailing List | |
| http://www.securityfocus.com/archive/1/445788/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/446420/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28884 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.security.nnov.ru/Odocument221.html | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|